The votes are in, and next year's Oscars could be decided just as easily by a hacker as by the Academy, security experts warn.
The Academy of Motion Picture Arts and Sciences announced last week that for the 2013 Oscars, it will switch from its current vote-by-mail system to a strictly Internet-based voting system. While the results of this year's gala event on Feb. 26 are safe, Stanford University computer-science professor David Dill says attackers could have their own say in next year's voting process.
"Everybody would like there to be secure Internet voting, but some very smart people have looked at the problem and can't figure out how to do it," Dill told Britain's Guardian newspaper.
The founder of the election transparency group Verified Voting, Dill said it's virtually impossible to guarantee the authenticity of the ballot while still maintaining the necessary secrecy and not giving away which members voted for what.
"The problem arises as soon as you decouple the voter from the recorded vote," Dill said. "If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won't be able to see it either."
A host of different weapons could be deployed to rig and manipulate an electronic voting systems, including denial-of-service attacks against the server, spear-phishing emails directed to voters, malware, Trojans and network intrusions. The Academy's more than 5,000 voters for next year's awards will be able to log their choices from their home or office computers, making them, and their votes, especially susceptible to attack.
"The hardest problem is when you have malicious software on the machine where the vote is cast," Dill said. "If that's the user's home PC, that's a huge problem, because lots of people have undetected viruses on their machine. A lot of people are under the control of hackers in Eastern Europe, or wherever, and don't even know it."
To record and tally votes for the 85th Annual Academy Awards in 2013, the Academy will partner with the San Diego-based software firm Everyone Counts, whose clients include the U.S. Department of Justice, the U.K. Ministry of Justice and the state of New South Wales, Australia.
In a statement on its site, Everyone Counts said that built into its technology "are multiple layers of security that include military-grade encryption techniques."